However, upon further reflection, he soon realised the problem wasn’t his reports.

Clients were choosing to believe that bad things wouldn’t happen to them.

The early days

After a cryptography subject at the Queensland University of Technology sparked an interest in information security back in 1993, Gaskell has since devoted his career to ensuring cyber security is taken seriously.

And it’s this passion for cyber security that nearly cost him a job with a bank early in his career.

“I particularly remember starting at the bank, they said, ‘Look, I know we hired you as a security architect, but we really need someone to do this other [IT] work,’ and I'm like, ‘No, that's not my career plan. I think there's a bright future in cyber security.’”

“I declined, and I said to them, ‘If you didn't seriously hire me to do the security architect's job, let's just say I never started and I'll walk out.’

“That was day two.”

Gary stayed.

Smarter banking

Although it got off to a shaky start, Gaskell worked extensively with the banking sector in the early days of online banking.

One of his most memorable jobs came at the turn of the millennium with one major Australian bank, when he was tasked with creating the security plan for its first-ever internet banking system.

Fast forward 17 years and online banking in Australia is serious business.

Gaskell has seen the security measures around online banking, and in other industries, transform in his time, just as online banking’s popularity has.

He explains that it is no longer a lack of security mechanisms from banks that poses the biggest risk when it comes to online banking – it’s us.

“Modern internet banking systems have really accepted that incidents will happen, and we don't.”

But according to Gaskell, this is driving a shift in the way in which banks and other websites protect customers online.

“The biggest weak points are the endpoint devices that the users are using,” he said. “So, there's not actually fundamentally trusted devices to log in from.”

“The banks actually detect anomalies based on probably a hacked workstation or a hacked Android phone and limit the transactions.

“The balance has changed from being solely focused on preventive controls to having a serious focus on detective and preventing controls, detecting and responding to the incident.”

Seeing the change

In Gaskell’s current position of Principal Consultant for Infosec Services, he sees the differing approaches toward cyber security from a range of industries.

At times, he explains, businesses would still rather pretend nothing is wrong when a major cyber vulnerability appears.

“If you look at a system where it's had appalling security and it's really lacking, a CIO and CEO, who believes they’re fundamentally excellent managers, they don't want to hear the message that they’ve totally mismanaged the security of a multimillion-dollar IT project.

“Let’s face it – no one would!”

However, changing the perception and language used around cyber security is helping businesses choose to improve their cyber standards.

“Communicating to those people that it's not challenging their view of themselves as good managers, but pitching it as an improvement opportunity, so they can demonstrate how good a manager they are because they found these issues and they're going to fix it, so they own the problem.”

Additionally, major incidents, such as the Equifax breaches last year, are now driving top-down change in boardrooms around the world.

“The big change is executives and the Prime Minister are talking about it.

“That's driven change because people are having board-level discussions and people go, ‘Well, are we on top of this or are we not?’

“Almost every CEO in Australia knows that the Target America and Equifax CEOs lost their jobs because of a major cyber breach.”

In our CYBER EXPERTS SERIES, Information Age talks to cyber security leaders across Australia and beyond about the biggest threats facing the industry, how they got into cyber security, and what keeps them up at night.

Edward Pollitt

After starting as an intern for Information Age in 2017, Edward is now a full-time journalist with the publication. He covers a range of topics that relate to the technology sector, with a particular interest in start-ups, digital transformation and cyber security.